What is access control

Last updated: 2024-05-01

What does access control mean

Access control means having control over who has access to which company spaces, resources, information, systems, networks, or data in an organization. It means allowing or restricting access somewhere. For companies and organizations, access control is a necessity from the perspective of physical and information security.

Definition of Employee Access Control

  • Employee access control involves limiting access to various parts of a company, workplace, rooms, buildings, or other properties.
  • It also encompasses access to information, systems, applications, or specific parts thereof.
  • The goal is to prevent unauthorized physical access, track valuables, and maintain security within the workplace.
  • Every company’s software, applications, and cloud services should implement access control.

Why Employee Access Control Matters

  • Unauthorized physical access can lead to theft, destruction, vandalism, and harm to employees.
  • Unauthorized access may also result in safety threats and fines, especially when dealing with sensitive data, equipment, or chemicals.
  • Incorrect access permissions could lead to self-harm, equipment damage, or unauthorized sharing of information.
  • Understanding who has access is crucial for emergency situations (e.g., evacuation counting).

How to Control Employee Access

  • Determine and enforce access rights to different parts of the property (e.g., buildings, rooms, facilities, equipment, systems, sensitive areas).
  • Maintain records of keys issued, access cards, and authorizations (e.g., power of attorney).
  • Automate access to applications using identity management systems (e.g., LDAP, AD).
  • Ensure security for workplace, rooms, or buildings.
  • Employee access management covers the entire employee lifecycle, including onboarding, job changes, and departures.

In summary, employee access control is essential for maintaining security, preventing unauthorized access, and safeguarding both physical and digital assets within an organization. 

What are the ways to control access

  • technical means such as keys, cards, physical control, passwords, logins, and so on
  • legal means, such as contracts, NDA, enforcement through policy or directive

What does it mean to have access control under control

1. You must correctly identify authorized persons

  • The basis for access control is the correct determination of who to grant access to and who to deny it
  • This means ensuring that you issue and revoke access to people in the company based on their job placement, from which authorization arises
  • The same applies to external parties or third parties
  • Typically, it is based on the job placement and roles of individual people
  • Job placement gives rise to duties, and from those duties come the access permissions

2. You must have technical means to grant or deny access

  • Technical means provide some physical or digital barrier or protection
  • This means keys, entry cards
  • In the digital world, it is the use of some digital identity to verify users, such as a login

3. Support with legal means

  • Legal means can supplement or replace technical means
  • These include, for example, NDA, contracts, amendments, penalties

4. Correctly set processes for assigning, changing, and revoking permissions

  • You revoke permissions as soon as the work is done.

5. You must have everything correctly described in

What does unauthorized access mean

Unauthorized access means a breach of confidentiality. It arises as a result of poorly managed access, namely:

  • assigning authorization to the wrong person, or
  • not revoking access when changing job positions or when an employee leaves
  • some violent act - attack, theft, burglary, and so on

Basic principles of access control

  • Control physical access to spaces and computer networks
  • Restrict access by unauthorized users
  • Limit access to data or services through application controls
  • Limit what can be copied from the system and stored on storage devices
  • Limit the sending and receiving of certain types of email attachments
  • Ensure that individuals have access only to data and services for which they are authorized.

What common processes are important for access control

In practice, access control in organizations fails mainly when assigning permissions, changing them (changes are not done legally), or revoking them (the permission is not revoked). This mainly concerns the processes around an employee joining and leaving:

  • Assigning permissions is part of onboarding
  • Revoking permissions is part of offboarding
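
The failures named above (a permission not revoked after a job change or departure, or not assigned at onboarding) can be caught by a periodic access review that compares the grants actually held with what each job placement authorizes. The Python below is an added example, not part of the original article; the people, roles, permission strings and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data (hypothetical names, roles and permissions).
ROLE_PERMISSIONS = {
    "accountant": {"erp:finance", "door:office"},
    "warehouse": {"door:warehouse", "wms:stock"},
}
# HR roster: person -> (current role, last working day or None).
ROSTER = {
    "alice": ("accountant", None),
    "bob": ("warehouse", None),                  # moved from accountant to warehouse
    "carol": ("accountant", date(2024, 3, 31)),  # has left the company
}
# Grants actually present in applications, key registers and card systems.
GRANTS = [
    ("alice", "erp:finance"), ("alice", "door:office"),
    ("bob", "erp:finance"), ("bob", "door:warehouse"),
    ("carol", "door:office"),
    ("dave", "wms:stock"),                       # no HR record at all
]


def review_access(roster, role_permissions, grants, today):
    """Return sorted (person, permission, finding) tuples for every mismatch."""
    findings = []
    held = {}
    for person, permission in grants:
        held.setdefault(person, set()).add(permission)
        if person not in roster:
            findings.append((person, permission, "revoke: unknown person"))
            continue
        role, last_day = roster[person]
        if last_day is not None and last_day < today:
            findings.append((person, permission, "revoke: employee left"))
        elif permission not in role_permissions.get(role, set()):
            findings.append((person, permission, "revoke: not in current role"))
    # Onboarding gap: the role authorizes something that was never assigned.
    for person, (role, last_day) in roster.items():
        if last_day is not None and last_day < today:
            continue
        for permission in role_permissions.get(role, set()) - held.get(person, set()):
            findings.append((person, permission, "assign: missing for role"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(ROSTER, ROLE_PERMISSIONS, GRANTS, date(2024, 5, 1)):
        print(*finding, sep="\t")
```

In a real review the roster would come from the HR system and the grants from the identity management system (e.g., LDAP, AD) together with the key and card registers.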